The field of Internet banking services, i.e., services that enable banking transactions, bill payments, and the like over the Internet through a financial institution's secure web site, is growing rapidly. Ease of use and convenience contribute to this rapid growth. Internet banking (also known as online banking) allows customers to satisfy their banking needs anytime (even when “brick and mortar” branches are closed) and anywhere that Internet access is available. In most cases, no special hardware or software is needed; all that is required is a web browser (such as Internet Explorer) and an Internet connection.
Preventing fraud is a matter of paramount concern in Internet banking, and proper authentication, the process of verifying the identity of a person or entity, is essential to mitigating the risk of fraud. Customer authentication generally involves checking for things such as (i) something a person knows (e.g., a password, Personal Identification Number, or shared secret), (ii) something a person has (for example, a digital certificate using a Public Key infrastructure or a physical device such as an ATM card, a smart card, a USB token device or dongle, or a one-time password-generating token), and (iii) something a person is (for example, biometric features such as a fingerprint).
Internet banking user interfaces typically are secure sites (generally employing the https protocol) so that all information traffic, including the password, is encrypted, making it next to impossible for a third party to obtain or modify information after it is sent. However, encryption alone does not prevent bad actors from misappropriating passwords through brute force cracking methods, illicit surveillance, “malware” or other tools that intercept a password as it is entered on an insecure computer, pharming (redirecting an individual's web request to another location), phishing (sending an email to a user that falsely claims to come from an established enterprise in an attempt to trick the user into surrendering private information), social engineering, or unauthorized access to password store facilities. Consequently, single-factor authentication, such as the password used in many corporate computing environments, is considered inadequate for highly sensitive banking transactions involving access to customer information or the movement of funds to other parties.
The federal banking regulators in the United States have directed financial institutions to implement multi-factor authentication, layered security, or other controls reasonably calculated to mitigate the risks of fraud and/or malicious misappropriation of passwords. Such controls preferably will include a multi-factor authentication method and system coupled with an intrusion detection system, i.e., a method and system for identifying persons attempting to use a misappropriated password to access the Internet banking system.
There are disadvantages associated with use of “something the customer has” (or “something the customer is”) as an authentication factor for Internet banking transactions. Biometric readers typically require specialized equipment which is expensive to install, costly to maintain, and tends to limit the consumer's choices of where to access the Internet banking services. Requiring the customer to use a digital certificate or hardware token decreases ease of use and increases installation and maintenance costs. All of these disadvantages detract from the core benefits of Internet banking: ease of use and convenience. Research confirms that many consumers prefer other authentication measures (such as challenge questions) over hardware tokens. What is needed is a method and system for mitigating the risks of fraud in Internet banking that balances the ease of use and convenience advantages of Internet banking with reasonably effective security precautions.
An intrusion detection system can be a valuable part of any system of controls intended to detect and deter fraudulent use of Internet banking services. Generally speaking, intrusion detection systems utilize two major principles: anomaly detection, which relies on flagging anomalous or abnormal behavior, and signature detection, which flags behavior that corresponds to previously-defined pattern signatures of known intrusions. A signature detection system, however, may not be able to detect novel intrusion pattern signatures. One problem with anomaly detection is that there may be a high rate of false positives (i.e., falsely indicating the presence of a potential intruder), which require time and effort to sort out and may affect the ease and convenience of the Internet banking services. What is needed is an application intrusion detection system that balances the ease of use and convenience advantages of Internet banking with reasonably effective security precautions.
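The following is an added, self-contained illustration of the two detection principles described above applied to a login stream; it is example code written for this page, not part of the patent or of any product it describes. The event fields, the failure threshold, the per-user country history and the login events themselves are all constructed for the example. It shows the complementary weaknesses the text names: the signature rule misses the novel case (a phished password used from a familiar country with no failed attempts), while the anomaly rule flags a legitimate traveling customer as a false positive.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    """One Internet banking login attempt (constructed schema for this example)."""
    user: str
    source_ip: str
    country: str
    success: bool


# Constructed per-user history: countries each customer has logged in from before.
USER_HISTORY = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}

# Constructed login stream (documentation IP ranges, not real addresses).
SAMPLE_EVENTS = [
    LoginEvent("alice", "203.0.113.5", "RO", False),   # guessing alice's password
    LoginEvent("alice", "203.0.113.5", "RO", False),
    LoginEvent("alice", "203.0.113.5", "RO", False),
    LoginEvent("alice", "203.0.113.5", "RO", True),    # guess succeeds
    LoginEvent("bob", "198.51.100.7", "FR", True),     # legitimate customer travelling
    LoginEvent("carol", "192.0.2.9", "US", True),      # phished password, familiar country
    LoginEvent("bob", "198.51.100.7", "FR", True),     # second FR login, now a known country
]

# Constructed ground truth used only to score the two detectors.
FRAUDULENT_USERS = {"alice", "carol"}


def signature_detect(events, fail_threshold=3):
    """Signature detection: a previously defined pattern of a known intrusion.

    The pattern here is 'at least fail_threshold consecutive failures from one
    source IP followed by a success', a classic password-guessing signature.
    Returns (user, source_ip, signature_name) tuples.
    """
    consecutive_failures = defaultdict(int)
    alerts = []
    for e in events:
        if e.success:
            if consecutive_failures[e.source_ip] >= fail_threshold:
                alerts.append((e.user, e.source_ip, "guessing-then-success"))
            consecutive_failures[e.source_ip] = 0
        else:
            consecutive_failures[e.source_ip] += 1
    return alerts


def anomaly_detect(events, history):
    """Anomaly detection: flag behavior that departs from the user's own past.

    A successful login from a country the user has never logged in from is
    treated as anomalous; the country is then learned so repeats are not
    re-flagged. Returns (user, country, reason) tuples.
    """
    seen = {user: set(countries) for user, countries in history.items()}
    alerts = []
    for e in events:
        if not e.success:
            continue
        known = seen.setdefault(e.user, set())
        if e.country not in known:
            alerts.append((e.user, e.country, "new-country"))
            known.add(e.country)
    return alerts


def evaluate(alerts, fraudulent_users):
    """Score a detector's alerts against ground truth.

    Returns (true_positives, false_positives, missed) as sorted user lists,
    so the false-positive cost and the missed-intrusion cost are both visible.
    """
    flagged = {alert[0] for alert in alerts}
    true_positives = sorted(flagged & fraudulent_users)
    false_positives = sorted(flagged - fraudulent_users)
    missed = sorted(fraudulent_users - flagged)
    return true_positives, false_positives, missed


if __name__ == "__main__":
    for name, alerts in (("signature", signature_detect(SAMPLE_EVENTS)),
                         ("anomaly", anomaly_detect(SAMPLE_EVENTS, USER_HISTORY))):
        tp, fp, missed = evaluate(alerts, FRAUDULENT_USERS)
        print(f"{name:9s} caught={tp} false_positives={fp} missed={missed}")
```

Run against the constructed stream, the signature detector catches only alice and produces no false positive, while the anomaly detector also catches alice but wrongly flags bob; neither catches carol, which is why the text argues for pairing detection with a second authentication factor rather than relying on either principle alone.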